This repository was archived by the owner on Apr 12, 2024. It is now read-only.
File tree 2 files changed +12
-0
lines changed
2 files changed +12
-0
lines changed Original file line number Diff line number Diff line change @@ -1453,6 +1453,11 @@ function allowAutoBootstrap(document) {
14531453 return true ;
14541454 }
14551455
1456+ // If the `currentScript` property has been clobbered just return false, since this indicates a probable attack
1457+ if ( ! ( script instanceof window . HTMLScriptElement || script instanceof window . SVGScriptElement ) ) {
1458+ return false ;
1459+ }
1460+
14561461 var srcs = [ script . getAttribute ( 'src' ) , script . getAttribute ( 'href' ) , script . getAttribute ( 'xlink:href' ) ] ;
14571462
14581463 return srcs . every ( function ( src ) {
Original file line number Diff line number Diff line change @@ -1773,6 +1773,13 @@ describe('angular', function() {
17731773 expect ( allowAutoBootstrap ( createFakeDoc ( { src : 'resource://something' , href : 'http://something' , 'xlink:href' : 'http://something' } ) ) ) . toBe ( false ) ;
17741774 } ) ;
17751775
1776+ it ( 'should not bootstrap if the currentScript property has been clobbered' , function ( ) {
1777+
1778+ var img = document . createElement ( 'img' ) ;
1779+ img . setAttribute ( 'src' , '' ) ;
1780+ expect ( allowAutoBootstrap ( createFakeDoc ( { } , 'http:' , img ) ) ) . toBe ( false ) ;
1781+ } ) ;
1782+
17761783 it ( 'should not bootstrap if bootstrapping is disabled' , function ( ) {
17771784 isAutoBootstrapAllowed = false ;
17781785 angularInit ( jqLite ( '<div ng-app></div>' ) [ 0 ] , bootstrapSpy ) ;
You can’t perform that action at this time.
0 commit comments